CVE-2020-13881

moderate-risk
Published 2020-06-06

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

Do I need to act?

~
1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (7)

Pam Tacplus
Cloudvision Portal

Affected Vendors

Debian Canonical Arista Pam Tacplus Project

References (14)

Mailing List http://www.openwall.com/lists/oss-security/2020/06/08/1
Patch https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabc...
Issue Tracking https://github.com/kravietz/pam_tacplus/issues/149
Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html
Mailing List https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html
Third Party Advisory https://usn.ubuntu.com/4521-1/
Third Party Advisory https://www.arista.com/en/support/advisories-notices/security-advisories/11705-s...
Mailing List http://www.openwall.com/lists/oss-security/2020/06/08/1
Patch https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabc...
Issue Tracking https://github.com/kravietz/pam_tacplus/issues/149
Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html
Mailing List https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html
Third Party Advisory https://usn.ubuntu.com/4521-1/
Third Party Advisory https://www.arista.com/en/support/advisories-notices/security-advisories/11705-s...
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 4/34 · Minimal
Exposure 14/34 · Moderate